from the knowing-the-unknowable dept

A natural response to the increasingly harsh enforcement of laws against unauthorized sharing of copyright files is to move to encrypted connections. It seems like a perfect solution: nobody can eavesdrop, and so nobody can find out what you are sharing. But as TorrentFreak reports, a German court has just dealt a blow to this approach.

RetroShare is a Open Source cross-platform, Friend-2-Friend and secure decentralised communication platform.

It lets you to securely chat and share files with your friends and family, using a web-of-trust to authenticate peers and OpenSSL to encrypt all communication. RetroShare provides filesharing, chat, messages, forums and channels

That sounds pretty safe, but TorrentFreak explains why it wasn't in the current case:

This week a Hamburg court ruled against a RetroShare user who passed on an encrypted transfer that turned out to be a copyrighted music file. The user in question was not aware of the transfer, and merely passed on the data in a way similar to how TOR works.

The court, however, ruled that the user in question, who was identified by the copyright holder, is responsible for passing on the encrypted song.

The judge ordered an injunction against the RetroShare user, who is now forbidden from transferring the song with a maximum penalty of €250,000 or a six month prison term. Since RetroShare traffic is encrypted this means that the user can no longer use the network without being at risk.

That's because the user can't know what's in an encrypted file passing through his or her system, and thus cannot guarantee that it is not the song in question. In truth, this situation is partly the user's own fault:

RetroShare derives its security from the fact that all transfers go through "trusted friends" who users themselves add. In this case, the defendant added the anti-piracy monitoring company as a friend, which allowed him to be "caught."

But even if the court case in Hamburg is a result of fairly exceptional circumstances, it creates an awful precedent: that German users are responsible for encrypted contents passing through their connection, even though there is no way they can know what they might contain. Unfortunately, this is of a piece with a previous ruling by a German court that people can be fined for what others do with their open wifi connections, regardless of whether they knew what was going on.

I am from germany and the more cases like that get absurd rulings, the more I think that even having any potential data connection is starting to become an unbearable liability.

I mean, being liable for encrypted connections despite not able to know the exact contents of the connection is madness. I mean, who knows exactly what installed software is sending out to who knows where in an encrypted fashion? what if the software gets compromised by malware?

Even worse, considering that here an old women that didn't even have a computer was found guilty for copyright infringement, what stops these parasites from simply claiming copyright infringement, just because there was some encrypted communication going on?

how are you going to defend against this?

And nobody tell me they wouldn't do that. these bastards will sink as low as physically possible to extort people who did nothing wrong, or in some cases even nothing at all.

Re:

It is not so much about the money as scaring people away from sharing any files over the Internet. The music industry sees the Internet as a threat to its control over the distribution of music and piracy is a convenient excuse for engaging in terror tactics to try and stop ALL file sharing over the Internet. If it disrupts Independent artists from distributing their works it is helping to disrupt the competition to their business.

Re: Re: Use a VPN

And immediately after that, we'll hear about the most ginormously massive data breach in history, since things like passwords, banking data and state secrets all involve encrypted data to one degree or another.

A blow?

I don't know if I'd call this a dealt blow ... in the long run, on a global scale, this position is unsustainable.

Rightsholders walk a fine line. They have to defend their copyrighted material in a pitch black, Wild West arena without provoking a response that overturns or devalues the rights they have. The German's court's positon will never be tolerated by the global public even if the consequence was that all copyright was abolished (and nobody wants that, not even the pro-piracy trolls).

Re: A blow?

> Rightsholders walk a fine line. They have to defend their copyrighted
> material in a pitch black, Wild West arena without provoking
> a response that overturns or devalues the rights they have.

Um, NO. They don't have to.

If communication is in pitch black, then it is none of their business because they do not and cannot know what people are communicating -- and this is how it should be. I can speak in private with someone about anything we agree to speak about.

No response overturns their rights if they are actual rights. Only they themselves can devalue their rights, not the response. I think they can devalue their content, but not devalue their rights. And they are very hard at work devaluing their content by not making it available at a reasonable price.

Re: Security FAIL

Exactly. The most vicious account "hacking" I've ever personally encountered was a guy who thought he could trust his cousin with his password. Family is family, blood is thicker than water, etc, etc.

The problem was, the cousin naturally trusted his own father. And the account-owner's uncle thought it would be hilariously funny to go into the account, delete or give away everything the guy had in there, then login to the forums as his nephew and very profanely come out of the closet as a homosexual pedophile.

If the anti piracy group found out about the illegal transfer wouldn't that make them also liable? They must have seen the file somehow in order to charge the person. In order to see it they must have passed some data through their network. That makes them just as guilty if not more so then the other user.

Re:

Re: liability

This is a good idea. Users of these private groups just need to copyright the encryption public keys. The act of decrypting the message using the public key is evidence of unauthorized distribution. So if anyone brings the case to court sue the company back for their unauthorized distribution of your copyrighted private key. Damages are equal to whatever they sue for plus make this a web application enivronmnet and then press for criminal prosecution for unlawfull access to a system environment. Also use any portion of identification (such as health info) within the public key and you might have a HIPAA violation to report as well. This could become a nighmare if setup correctly.

Re: Post office

You don't even have to use an analogy. In this case, the ISP(s) that routed the encrypted file from its source to the defendant also "passed on" the file, so they should also be liable by this ruling, for any and all file transfers on their network.

Re: Re: Post office

Not to mention those running the main routing nodes in and out of countries it passes through... those owning any physical infrastructure such as fibre or satallites that the ISP's lease.. etc etc. They should all be flensed!

ISPs

When you use SSL, your ISP is passing on the encrypted data, without having any way of knowing what is inside. So, if you use SSL to connect to a file sharing site and transfer a copyrighted file, your ISP is responsible for the data being shared? This is madness.

how old and internet savvy is the idiotic judge that ruled this way? i suppose if he got stopped by the police for going through a traffic light that was showing no light and hit another car, it would be the other drivers fault! what a prick! guess everything didn't end after all when Germany lost the last war!

Re: The encryption itself is the "crime", see?

The history is a cat and mouse game. When someone creates an "unbreakable" method, someone else breaks it. Then someone else creates a new "unbreakable" method, and someone else again breaks it. Repeat ad infinitum. This will be the case with deep packet inspection.

Heck, there's already a way around it that is already a significant source of file-sharing:

Re: Re: Re: The encryption itself is the "crime", see?

Yeah, so what? At least the postal service can't be sued for letting you mail the card, and the manufacturer of the pocket you put the card in while you carried it can't be sued, and the manufacturer of the car you drove while transporting it can't be sued.

Re: Re: Re: Re: The encryption itself is the "crime", see?

Not this idiocy again. The idea that you can ban encryption or require a "license" is silly for a whole host of reasons... including this very comment. It's a sign of someone who doesn't understand what "encryption" means.

Wow, I haven't used ROT13 in soooo long... thanks for making me feel old.

Re: The encryption itself is the "crime", see?

Unless they make encryption illegal or can break it, a system like this actually DOES work (assuming, of course, you don't add the anti-piracy site as a trusted friend or make some other really stupid move.)

But you have a point, and people are out of line for flagging the post. If encryption becomes illegal, you really only have the options of attempting in-plain-sight encryption (which has limits) or not using the Internet.

If you don't know who you are with, don't do anything you wouldn't do in front of a cop. That's the takeaway; no more no less. But most people already know that. So if some dumbshit gets his ass in a sling for being too wide-eyed, it's not the end of the world.

That said, I'd be interested in learning more about how the contractor got said dumbshit to friend them. I'd wager there were some shady bits involved in that.

It is also relevant than any file can be any other file but encrypted.

I can take any file in existence, and encrypt it to be any other file. All I need it an encryption key that is the difference between the files. Hence I can send a video of my mums cat, and claim it is in fact a copyrighted album of mp3 files.

A little incorrect

Germany doesn't follow common law, so the statement "it creates an awful precedent" is a bit inaccurate. Judges in Germany will continue to rule based on the laws, not based on prior cases such as this one.

Its an evolution and Thanks to this guy for his contribution

We all know what the "Friends network" was doingn wrong. Thank you to this unfortunate person for helping all of us see the other players hand. Time to morf into something new if you want to steal content. If you are an innocent person on this legal network then let the RIAA in and root out the people who like myself, STEAL other peoples work.